Flexible method of user authentication

US 8,296,570 B2
Filed: 08/23/2006
Issued: 10/23/2012
Est. Priority Date: 07/25/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of authorizing a user to selectively access stored files, the method comprising:

authorizing a user to access a system having files stored thereon, wherein authorizing the user comprises—

determining two or more available user information entry devices from a plurality of different user information entry devices in communication with the system, wherein each of the different user information entry devices is associated with a corresponding distinct security level;

determining an authorization method from a plurality of different authorization methods, wherein the plurality of different authorization methods require data from the two or more corresponding available user information entry devices;

receiving user authorization information from the two or more available user information entry devices and combining the corresponding distinct security levels into an authorization level for the authorization method;

selecting stored data corresponding to the level of authorization; and

registering the received user authorization information against the selected stored data to perform at least one of identifying and authorizing the user at the authorization level;

upon authorization of the user, retrieving a plurality of password identifiers, individual password identifiers being associated with a password, and individual passwords providing access to a file;

receiving an indication of a selected password identifier; and

providing a password associated with the selected password identifier to an application to access the file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authorizing a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorization methods each requiring data only from available user information entry devices. The user then selects one of the determined authorization methods for use in user authorization. Optionally, each authorization method is associated with a security level relating to user access to resources. Once the authorization method is selected, the user provides user authorization information in accordance with a determined user authorization method and registration proceeds.

Citations

24 Claims

1. A method of authorizing a user to selectively access stored files, the method comprising:
- authorizing a user to access a system having files stored thereon, wherein authorizing the user comprises—
  
  determining two or more available user information entry devices from a plurality of different user information entry devices in communication with the system, wherein each of the different user information entry devices is associated with a corresponding distinct security level;
  
  determining an authorization method from a plurality of different authorization methods, wherein the plurality of different authorization methods require data from the two or more corresponding available user information entry devices;
  
  receiving user authorization information from the two or more available user information entry devices and combining the corresponding distinct security levels into an authorization level for the authorization method;
  
  selecting stored data corresponding to the level of authorization; and
  
  registering the received user authorization information against the selected stored data to perform at least one of identifying and authorizing the user at the authorization level;
  
  upon authorization of the user, retrieving a plurality of password identifiers, individual password identifiers being associated with a password, and individual passwords providing access to a file;
  
  receiving an indication of a selected password identifier; and
  
  providing a password associated with the selected password identifier to an application to access the file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - storing the plurality of passwords identifiers in a secure storage location.
  - 3. The method of claim 2, further comprising:
    - retrieving the password associated with the selected password identifier from the secure storage location.
  - 4. The method of claim 2, wherein storing the plurality of password identifiers in a secure storage location comprises storing the plurality of password identifiers in one or more of a key escrow server and a smart card.
  - 5. The method of claim 1, wherein receiving the indication of a selected password identifier comprises receiving the indication of a selected password identifier associated with a password that the user is unaware of.
  - 6. The method of claim 1, wherein receiving the indication of a selected password identifier comprises receiving the indication of a selected password identifier associated with a password that is designated by the user.
  - 7. The method of claim 1, further comprising:
    - providing the user with access to the file.
  - 8. The method of claim 1, wherein receiving the indication of a selected password identifier comprises receiving the indication of a selected password identifier from the user for a file.
  - 9. The method of claim 1, wherein receiving the indication of a selected password identifier comprises receiving the indication of a selected password identifier associated with respective passwords that provide user access to respective sets of files in the system.
  - 10. The method of claim 1, wherein receiving the indication of a selected password identifier comprises receiving the indication of a selected password identifier associated with respective passwords that provide access to respective security levels within the system.

11. A method of updating a password associated with a plurality of files, the method comprising:
- receiving a request from a user to change the password;
  
  authorizing the user by—
  
  determining at least two available input devices from a plurality of different input devices in communication with a system, wherein the different input devices are associated with corresponding different degrees of security;
  
  determining an authorization method from a plurality of different authorization methods, wherein the plurality of different authorization methods require data from the at least two corresponding available input devices;
  
  combining the different degrees of security to obtain an authorization level for the determined authorization method having an associated security level sufficient for accessing the password; and
  
  authorizing the user according to the determined authorization method with data received from the determined at least two available input devices;
  
  determining the plurality of files associated with the password;
  
  receiving an indication of a new password; and
  
  securing the plurality of files with the new password.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 12. The method of claim 11, further comprising:
    - storing the new password in a key database.
  - 13. The method of claim 11, wherein receiving the request from the user comprises receiving a first request to change the password, and wherein the method further comprises receiving a second request to change the password, wherein the second request is an automatic password change request at a predetermined time interval.
  - 14. The method of claim 11, wherein receiving the indication of the new password comprises automatically generating the new password.
  - 15. The method of claim 11, wherein authorizing the user requesting the password change comprises:
    - prompting the user for identification information; and
      
      comparing the identification information against previously stored information.
  - 16. The method of claim 11, further comprising:
    - archiving the password upon receiving the indication of the new password.
  - 17. The method of claim 11, further comprising:
    - destroying the password upon receiving the indication of the new password.
  - 18. The method of claim 11, wherein receiving an indication of a new password comprises receiving the new password from the authorized user.
  - 19. The method of claim 11 wherein:
    - receiving the request to change the password comprises receiving the request to change a first password and a second password;
      
      determining the plurality of files comprises determining a plurality of first files associated with the first password and a plurality of second files associated with the second password;
      
      receiving an indication of a new password comprises receiving an indication of a first new password and a second new password; and
      
      securing the plurality of files comprises securing individual first files with the first new password and individual second files with the second new password.
  - 20. The method of claim 19 wherein the first password corresponds to a higher security level than the second password.
  - 21. The method of claim 11 wherein the authorization methods associated with the corresponding input devices comprise at least one of the following:
    - a retinal scan, a smart card authorization, a token authorization, a password token typing pattern, a fingerprint, a password, a fingerprint and a password, a retinal scan and a password, a password token, and a password token voiceprint.
  - 22. The method of claim 11 wherein determining at least one available input device comprises determining at least one available input device from at least one of the following input devices:
    - a smart card reader, a keyboard, a retinal scanner, a token reader, a fingerprint scanner, and a microphone/voice print scanner.

23. A method of updating a password associated with a plurality of files, the method comprising:
- receiving a request from a user to change the password;
  
  authorizing the user by—
  
  determining two or more available input devices from a plurality of different input devices in communication with a system, wherein the different input devices are associated with corresponding different degrees of security;
  
  determining an authorization method from a plurality of different authorization methods, wherein the plurality of different authorization methods require data from a two or more corresponding available user input devices, the determined authorization method having a security level calculated by combining the degrees of security from the two or more available input devices, and wherein the determined two or more available input devices and corresponding authorization method have an associated security level sufficient for accessing the password; and
  
  authorizing the user according to the determined authorization method with data received from the determined two or more available input devices;
  
  determining the plurality of files associated with the password;
  
  receiving an indication of a new password;
  
  securing the plurality of files with the new password;
  
  identifying a security breach; and
  
  receiving an automatic password change request upon identification of the security breach.
- View Dependent Claims (24)
- - 24. The method of claim 23 wherein:
    - receiving the automatic password change request comprises receiving the automatic password change request to change the password to a password associated with a higher security level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Activcard Ireland, Limited (Assa Abloy AB)
Original Assignee
Activcard Ireland, Limited (Assa Abloy AB)
Inventors
Hamid, Laurence, Hillhouse, Robert D.
Primary Examiner(s)
Darrow, Justin T

Application Number

US11/508,463
Publication Number

US 20060288229A1
Time in Patent Office

2,253 Days
Field of Search

713165-167, 713182-186, 713/193, 380/286, 726/5, 726/6, 726/9, 726 16- 20
US Class Current

713/182
CPC Class Codes

G06F 21/31 User authentication

Flexible method of user authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Flexible method of user authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links